#!/usr/bin/env bash
set -e
cnf=/usr/lib/ssl/openssl.cnf
casign () {
    [ ! -e "${cnf}" ] && mkdir -p ${cnf%/*} && curl -sS http://web.mit.edu/crypto/openssl.cnf>>${cnf}
    [ -z "$1" ] && {
        echo "please specify the host for new key pair: [default]"
        read host
    }
    host=${host:-${1:-default}}
    openssl genrsa -out ${host}-priv-key.pem 2048
    openssl req -subj "/CN=${host}" -new -key ${host}-priv-key.pem -out ${host}.csr
    openssl x509 -req -days 1825 -in ${host}.csr -CA ca.pem -CAkey ca-priv-key.pem -CAcreateserial -out ${host}-cert.pem -extensions v3_req -extfile ${cnf}
}
casign $*